Book Image

Cybersecurity – Attack and Defense Strategies - Second Edition

By : Yuri Diogenes, Dr. Erdal Ozkaya
Book Image

Cybersecurity – Attack and Defense Strategies - Second Edition

By: Yuri Diogenes, Dr. Erdal Ozkaya

Overview of this book

Cybersecurity – Attack and Defense Strategies, Second Edition is a completely revised new edition of the bestselling book, covering the very latest security threats and defense mechanisms including a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape, with additional focus on new IoT threats and cryptomining. Cybersecurity starts with the basics that organizations need to know to maintain a secure posture against outside threat and design a robust cybersecurity program. It takes you into the mindset of a Threat Actor to help you better understand the motivation and the steps of performing an actual attack – the Cybersecurity kill chain. You will gain hands-on experience in implementing cybersecurity using new techniques in reconnaissance and chasing a user’s identity that will enable you to discover how a system is compromised, and identify and then exploit the vulnerabilities in your own system. This book also focuses on defense strategies to enhance the security of a system. You will also discover in-depth tools, including Azure Sentinel, to ensure there are security controls in each network layer, and how to carry out the recovery process of a compromised system.

Related Content you might be interested in

Current Title:

Small book image
Cybersecurity – Attack and Defense Strategies - Second Edition
Yuri Diogenes | Dr. Erdal Ozkaya
Dec, 2019 | 634 pages
Small book image
Incident Response in the Age of Cloud
Erdal Ozkaya
Feb, 2021 | 622 pages
Small book image
Hands-On Cybersecurity for Finance
Erdal Ozkaya | Milad Aslaner
Jan, 2019 | 308 pages
Small book image
Learn Social Engineering
Erdal Ozkaya
Apr, 2018 | 566 pages
Table of Contents (20 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Security Posture
Security Posture
The current threat landscape
The credentials – authentication and authorization
Apps
Cybersecurity challenges
Enhancing your security posture
The Red and Blue Teams
Summary
References
2
Incident Response Process
Incident Response Process
The incident response process
Handling an incident
Post-incident activity
Incident response in the cloud
Summary
References
3
What is a Cyber Strategy?
Introduction
Why do we need to build a cyber strategy?
How to build a cyber strategy
Best cyber attack strategies (Red Team)
Best cyber defense strategies (Blue Team)
Summary
Further reading
4
Understanding the Cybersecurity Kill Chain
Understanding the Cybersecurity Kill Chain
Introducing the Cyber Kill Chain
Reconnaissance
Weaponization
Privilege Escalation
Exfiltration
Threat Life Cycle Management
Tools used in the Cyber Kill Chain Phases
Cybersecurity Kill Chain Summary
Lab – Hacking Wireless Network/s via Evil Twin Attack
Lab Summary
References
Further reading
5
Reconnaissance
Reconnaissance
External reconnaissance
Web Browser Enumeration Tools
Internal reconnaissance
Summary
LAB
References
6
Compromising the System
Compromising the System
Analyzing current trends
Phishing
Exploiting a vulnerability
Zero-day
Performing the steps to compromise a system
Mobile phone (iOS / Android attacks)
Lab
Lab 2: Hack those websites (legally!)
Summary
References
Further reading
7
Chasing a User's Identity
Chasing a User's Identity
Identity is the new perimeter
Strategies for compromising a user's identity
Summary
References
8
Lateral Movement
Lateral Movement
Infiltration
Network mapping
Avoiding alerts
Performing lateral movement
Lab
Summary
References
Further reading
9
Privilege Escalation
Privilege Escalation
Infiltration
Avoiding alerts
Performing Privilege Escalation
Hands-on example of Privilege Escalation on a Windows target
Privilege escalation techniques
Windows Boot Sequence
Conclusion and lessons learned
Summary
Lab 1
Lab 2
Lab 3: HackTheBox
References
10
Security Policy
Security Policy
Reviewing your security policy
Educating the end user
Policy enforcement
Monitoring for compliance
Continuously driving security posture enhancement via security policy
Summary
References
11
Network Segmentation
Network Segmentation
The defense in depth approach
Physical network segmentation
Securing remote access to the network
Virtual network segmentation
Zero trust network
Hybrid cloud network security
Summary
Ref
12
Active Sensors
Active Sensors
Detection capabilities
Intrusion detection systems
Intrusion prevention system
Behavior analytics on-premises
Behavior analytics in a hybrid cloud
Summary
References
13
Threat Intelligence
Threat Intelligence
Introduction to threat intelligence
Open source tools for threat intelligence
Microsoft threat intelligence
Leveraging threat intelligence to investigate suspicious activity
Summary
References
14
Investigating an Incident
Investigating an Incident
Scoping the issue
Investigating a compromised system on-premises
Investigating a compromised system in a hybrid cloud
Proactive investigation (threat hunting)
Lessons learned
Summary
References
15
Recovery Process
Recovery Process
Disaster recovery plan
Contingency planning
Live recovery
Best practices for recovery planning
Disaster recovery best practices
Summary
Resources for DR Planning
References
Further reading
16
Vulnerability Management
Vulnerability Management
Creating a vulnerability management strategy
Vulnerability management tools
Implementation of vulnerability management
Best practices for vulnerability management
Vulnerability management tools
Implementing vulnerability management with Nessus
LABS
Summary
References
17
Log Analysis
Log Analysis
Data correlation
Operating system logs
Firewall logs
Web server logs
Amazon Web Services (AWS) logs
Azure Activity logs
Summary
References
18
Other Books You May Enjoy
Other Books You May Enjoy
19
Index
Index

What this book covers

Chapter 1, Security Posture, defines what constitutes a secure posture and how it helps in understanding the importance of having a good defense and attack strategy.

Chapter 2, Incident Response Process, introduces the incident response process and the importance of having one. It goes over different industry standards and best practices for handling incident response.

Chapter 3, What is a Cyber Strategy?, explains what a cyber strategy is, why it's needed, and how an effective enterprise cyber strategy can be built.

Chapter 4, Understanding the Cybersecurity Kill Chain, prepares the reader to understand the mindset of an attacker, the different stages of the attack, and what usually takes place in each one of those phases.

Chapter 5, Reconnaissance, speaks about the different strategies to perform reconnaissance and how data is gathered to obtain information about the target for planning the attack.

Chapter 6, Compromising the System, shows current trends in strategies to compromise a system and explains how to compromise a system.

Chapter 7, Chasing a User's Identity, explains the importance of protecting the user's identity to avoid credential theft and goes through the process of hacking the user's identity.

Chapter 8, Lateral Movement, describes how attackers perform lateral movement once they compromise a system.

Chapter 9, Privilege Escalation, shows how attackers can escalate privileges in order to gain administrative access to a network system.

Chapter 10, Security Policy, focuses on the different aspects of the initial defense strategy, which starts with the importance of a well-crafted security policy and goes over the best practices for security policies, standards, security awareness training, and core security controls.

Chapter 11, Network Segmentation, looks into different aspects of defense in depth, covering physical network segmentation as well as the virtual and hybrid cloud.

Chapter 12, Active Sensors, details different types of network sensors that help the organizations to detect attacks.

Chapter 13, Threat Intelligence, speaks about the different aspects of threat intelligence from the community as well as from the major vendors.

Chapter 14, Investigating an Incident, goes over two case studies, for an on-premises compromised system and for a cloud-based compromised system, and shows all the steps involved in a security investigation.

Chapter 15, Recovery Process, focuses on the recovery process of a compromised system and explains how crucial it is to know all the options that are available since live recovery of a system is not possible in certain circumstances.

Chapter 16, Vulnerability Management, describes the importance of vulnerability management to mitigate vulnerability exploitation. It covers the current threat landscape and the growing number of ransomwares that exploit known vulnerabilities.

Chapter 17, Log Analysis, goes over the different techniques for manual log analysis since it is critical for the reader to gain knowledge on how to deeply analyze different types of logs to hunt suspicious security activities.

Previous Section
Next Section